Administration Guide

FortiGuard

FortiGuard services comprise signature packages and querying services that provide content, web, and device security. They are delivered via various types of FortiGuard servers that are part of the FortiGuard Distribution Network (FDN).

FortiGuard service subscriptions can be purchased and registered to your FortiGate unit. The FortiGate must be connected to the Internet in order to automatically connect to the FDN to validate the license and download FDN updates or perform real-time queries.

To view FDN support contract information, go to System > FortiGuard. The License Information table shows the status of your FortiGate’s entitlements and breaks down the status of each service.

License Information widget

The service entitlements and the license statuses are listed on the System > FortiGuard page. Upon expanding each entitlement, the corresponding definitions associated with the service are listed.

The following table lists the available FortiGuard services and entitlements with a brief description.

Entitlement

FortiGuard service description

Advanced Malware Protection

AI Malware Detection Model

AntiVirus Definitions

AntiVirus Engine

Mobile Malware

Outbreak Prevention

The Advanced Malware Protection service includes various engines, databases, and definitions used in the AV profile.

Note

In order to download updated AV definitions, at least 1 policy with a security profile that has Antivirus scanning must be enabled.

See Antivirus for details.

Attack Surface Security Rating

IoT Detection Definitions

Outbreak Package Definitions

Security Rating & CIS Compliance

The Attack Surface Security service includes:

  • Running all the built-in free and paid security rating rules
  • Displaying CIS compliance information within security ratings
  • IoT Detection and IoT Query

Data Loss Prevention (DLP)

DLP Signatures

The Data Loss Prevention service offers a database of predefined DLP patterns such as data types, dictionaries, and sensors that are used in the DLP profile.

Email Filtering

Email Filtering includes spam and DNS filtering by FortiGuard.

Intrusion Prevention

IPS Definitions

IPS Engine

Malicious URLs

Botnet IPs

Botnet Domains

The IPS service includes engines, databases, and definitions used in the IPS and application control profiles.

Note

In order to download updated IPS definitions, at least 1 policy with a security profile that has IPS scanning must be enabled.

See Intrusion prevention and Application control for details.

Operational Technology (OT) Security Service

OT Threat Definitions

OT Detection Definitions

OT Virtual Patching Signatures

The OT Security service includes OT-related threat definitions used in IPS and application control profiles. It also includes OT Detection Definitions and Virtual Patching Signatures used in the virtual patching profile.

Web Filtering

Blocked Certificates

DNS Filtering

Video Filtering

The Web Security service includes:

  • FortiGuard categories used in web filter profiles
  • Malicious certificates used in SSL/SSH inspection profiles
  • FortiGuard categories used in DNS filter profiles
  • FortiGuard categories used in video filter profiles

SD-WAN Network Monitor

SD-WAN Underlay Bandwidth and Quality Monitoring service

SD-WAN Overlay as a Service

SD-WAN Overlay as a Service

FortiSASE SPA Service Connection

SD-WAN Connector for FortiSASE Secure Private Access

FortiSASE Secure Edge Management

Allows the FortiGate to act as the FortiSASE Secure Edge

FortiGate Cloud

FortiGate Cloud management, analysis, and log retention services

FortiAnalyzer Cloud

SoCaaS

FortiAnalyzer Cloud service

The SoCaaS entitlement includes cloud-based managed log monitoring, incident triage, and SOC escalation services.

FortiManager Cloud

FortiManager Cloud service

FortiToken Cloud

FortiToken Cloud service

Firmware & General Updates

Application Control Signatures

Device & OS Identification

FortiGate Virtual Patch Signatures

Inline-CASB Application Definitions

Internet Service Database Definitions

PSIRT Package Definitions

FortiCare Support

FortiCloud Account

Enhanced Support

The FortiCare support entitlement includes firmware and general updates that come with various default signatures and definitions:

  • Application control signatures used in application control profiles
  • Device & OS identification used for device detection and asset management
  • Virtual patch signatures used in local-in policies
  • Inline CASB application definitions used in inline CASB profiles
  • ISDB destinations that can be applied in various policies and rules
  • PSIRT vulnerability definitions used in security ratings

FortiConverter

FortiConverter service

Licenses widget

On the Dashboard > Status page, the Licenses widget lists the status of major entitlements. Licensed entitlement icons are green, and unlicensed entitlement icons are orange.

The following topics contain more information:
